Office 365 Spy Campaign Targets US Military Defense

An Iran-linked group is taking aim at makers of and satellites, Persian Gulf ports and shipping companies, among others.

A new threat actor, dubbed DEV-0343, has been spotted attacking U.S. and Israeli defense technology companies, Persian Gulf ports of entry and global maritime companies with ties to the Middle East. The threat actor’s goal is Office 365 account takeovers.

Microsoft, which began tracking the activity in late July , detailed the attacks in an alert released Monday, adding that the culprits appear to be bent on espionage and have ties to Iran. It stated cyberattackers are “conducting extensive password spraying” against Office 365 accounts.

Password-spraying is the process of trying a list of user names and a of different passwords against online accounts in hopes of finding a match and gaining access to password-protected accounts. In this case, the attackers typically mount attacks on “dozens to hundreds of accounts” within each targeted organization, Microsoft said, and have been seen trying thousands of credential combinations against each account.

So far, the campaign has targeted about 250 specific organizations that use Microsoft’s cloud-based Office suite, with less than 20 of them suffering compromise, according

Read More: https://threatpost.com/military-defense-spy-campaign/175425/